I.T. Security and Linux Administration

There’s a lot of talk saying that you need to use at least 1024-bit keys for encryption to be beneficial now, due to the power of technology and what’s been developed. While I agree that the lower the bit strength, the easier it CAN be to break, I do not think there’s a set “standard” of sorts of what’s too weak or strong, and here’s why.

For a while now, I’ve been trying to think of what to write about on here. There’s the “new” Linux 3.0 kernel coming out later this year, but everyone’s already jumped on that bandwagon and rode it to high heaven. Lulzsec has broken up, but DDoS’ing is not considered a hack to me, just more of using a flaw in 20+ year old technology that’s only finally being fixed. There’s Cisco’s event going on right now, but personally I don’t really follow Cisco, and if I don’t enjoy what I’m writing about, it’s going to sound quite bland and boring.

Instead, I’m going to focus on the cloud again, but this time, with a little twist. As I’m sure quite a few people have heard (or even been apart of by now), Google released Google+, their social media network to fight Facebook. Being skeptical about this since Google’s problems with Buzz, I wasn’t expecting much. While I’m not going to write a review on Google+ (which, again, has been rode to high heaven), I will say this: Google is continuing what Facebook started.

What does this have to do with “the cloud”, and all that its bringing to the table, you ask? The cloud is like social media. It’s huge, a lot of people are flocking to it, creating all this buzz, and experiencing great technology. However, people are stuck in serious tunnel vision, in that they don’t see the flaws it present people as well.

There’s a fine line, especially in I.T., that seperates dependence and obsession. Everyone is dependent on I.T., social media, and to a lesser extent the cloud. All of Google’s services are (if not already) migrating to a pure cloud form, and so are many other services (i.e.: Dropbox). However, when we become so obsessed over technology, that it starts to consume the way we even think and behave, it gets to be a bit too much.

I’m not sure how many people who will read this will recall the movie “Anti-Trust”, but a movie that was made in the mid to late 1990’s is what we’re living in now. Every company is trying to create the next N.U.R.V., and develop an awesome Synapse. That’s awesome, I personally love having everything in a central location…especially considering I’m not the most organized person. However, are we really willing to give up our freedoms and security for what the cloud (i.e.: social networking) has to offer?

When it comes to websites such as Facebook, Google+, Twitter, etc… they give people a false sense of security. The content you post is only yours until someone else deems it unacceptable. Similar to the cloud, users can (if they have access to your files) report the file for being unacceptable, or otherwise breaking a terms of service.

Also, think about when the service goes down. The cloud is nothing more than RAID-0 for the Internet. The data is replicated across servers to ease the load balancing (which, unfortunately, RAID doesn’t do). While social media can’t act in the same manner, they tend to use the same technology. Which, this is genius when you look at it in the general scheme of things. When RAID fails, unless you’re lucky enough to notice the failure quickly, data across all the drives are going to be corrupted and lost (which you better hope at this point you have backups or the I.T. fellas are having a good day and you can recover data). Ultimately, storing data is not safe, nor secure. If it doesn’t get erased, there’s still no telling what its actually being used for.

When running “free -m”, I would see my “Free” memory go down further, even after closing out programs and such. While I didn’t know why this was before (but knew that free also involved disk caching), I looked into it and saw that basically the “-/+ buffers” line was your actual used and free memory statistics. In short, so I don’t start making this mistake again, I wrote the following Bash script (yes, Bash and awk are my weapons of choice when scripting). Continued »

I waited for a little bit to post this, but I recently ventured into the realm of writing PAM modules, and my first project has been finished. This is a MongoDB authentication module. In short, it allows you to authenticate users to a MongoDB database that the user has access to (for added security, the user should have read-only access to the database). This module requires libmongo-client, libpam, gcc and ld to compile (the last three should be on every system that allows for compiling programs). This module is written in strict C, and compiles without warnings. I’ve written a good how-to and such on GitHub, with the project officially supported by Zorveo (both links at the bottom of this post). Once you have libmongo-client downloaded and installed, set up is very quite easy. More modules will be released in the future as well.

Before asking for support, please read the README file on GitHub, as it was written to be as extensive as possible.

I got an interesting article in my inbox today in regards to using extended attributes to create checksums. While I don’t know if this will pick up to be a de facto standard way of distributing checksums, this is definitely a step in the right direction. Continued »

This is going to be a short article, but one I think will be quite useful for people who venture into making their own PAM modules. This might not work for your system, but for mine (and others it seems too), it does. Note too though that I will most likely be writing a series of articles on writing a custom PAM authentication (and possibly other types) module as this can be very useful for custom set ups. Continued »

It’s really no secret now, with all the news/media coverage, of the hacks on Sony and other companies, that some people are quite upset about things in this world. The way I look at it is it’s like a teenager acting out. They don’t know how to do it calmly or rationally, so they do it the only way they see fit. Everyone has their own outlet. However, the one thing that I can’t seem to comprehend is how they are acting out against “governments”, “conglomerates”, and other facts of life. This is an I.T. security article, and more is covered inside the “Continued…” link. Continued »

Like most people, I have Linux installed on my laptop. However, with the way I have it set up, I don’t have a readily-available battery monitoring widget/app/etc… to tell me when my battery’s going to die. Even though my laptop is almost always on the charger now, I still decided to cook up a little script to make this a little more aware to me, seeing as how I almost always have the terminal open. Continued »

For some reason, May has seemed to be authentication month for me. I just finished writing an article about SHA-12 encryption for passwords, Two Factor Authentication via SSH, and now I’m here for a new adventure. As mentioned in the two-factor article, I would write about my adventures in using it to authenticate users on the machine itself, not just with SSH. I have perfected this, and I will go into details (and a useful script at the end) for the world to share. Continued »

I’ve been trying to figure out for a little bit now how to do use the previously written Two Factor Authentication via SSH article for logging into my system directly. While it’s probably the same for SSH as it is for anything else involving PAM authentication, I haven’t actually dived into it too far currently. However, while working on some hardening thoughts for my system, I discovered how to enable SHA hashing, instead of using MD5, for logging into the system. Continued »

About This Blog

Tools and tips to assist you in your Linux lifestyle. While deviating sometimes to other operating systems, or off-topic discussions, the focus of this blog is to bring a new life to the Linux world, and hopefully a new insight to the happenings in the Linux and open source community as a whole.